Emergency access interception according to black list

ABSTRACT

This invention executes an emergency access interception in a widely distributed environment.

An access controller 100 manages an access control list (ACL) 110 recording the access right to each object, and a black list (BL) 120 recording user information corresponding to the emergency access interception. The access controller 100 receives a request for authentication of access right and judges whether or not the access right is proper, first according to the BL 120 and then according to the ACL 110. In the case where the user information corresponding to the request is recorded in the BL 120, the access controller 100 sends out the user information to other access controllers and instructs them to register it in their black lists. This invention effectively realizes the emergency access interception under the widely distributed environment in the case where the interception is required for any user.

BACKGROUND OF THE INVENTION

1. Field of the Invention

This invention relates to access control for information resources stored in a computer.

2. Description of the Related Art

Access control lists (ACLs) record the permitted users for information resources stored in computers and are referred to in order to restrict accesses by improper users, thereby enhancing security for the information resources. Recently, a widely distributed environment, in which a plurality of networks are connected through a wide area network, such as the Internet, and which enables the information resources including data files to be shared among the networks, has come into use. The ACL is also effective under such an environment to enhance security. Under this environment, the ACLs, each of them being managed by an access controller connected with each network, are synchronized among all access controllers.

Since access rights or permissions to information resources are not stable but flexible, some cases require the interception of all accesses by a specific user under the widely distributed environment. JP 1999-282805A discloses a technique that synchronizes the update of all ACLs in such a case where the access right of the specific user has to be prohibited, thereby intercepting all accesses by the prohibited user. Another technique periodically transmits a certification issued by a certificate authority for the access right, thereby intercepting accesses by users with invalid certifications.

But these conventional techniques are not effective enough for emergency access interception in the following exemplified cases: prohibition of access right after dismissing a specific user, and detection of improper access. That is because the first technique requires a long time to update the ACL, and the second technique cannot intercept the access before the new certification is issued and the old one has expired.

The above-mentioned problem is not specific to the widely distributed environment but is common to any system in which a plurality of access controllers cooperate in controlling accesses to information resources.

SUMMARY OF THE INVENTION

To solve at least a part of the above-mentioned problem, this invention is directed to a first embodiment as follows. The first embodiment provides an access controller that controls an access to an information resource stored in a storage device, under an environment where a plurality of the access controllers and the storage devices are connected with a network. The access controller comprises an access restriction module, an access interception module, an input module and a list update module. The access restriction module is configured to restrict access to each information resource according to an access control list (ACL) on which the access right to each information resource is recorded. The access interception module is configured to intercept an access by an access prohibited user listed on an access prohibition list. The input module is configured to receive user information of the access prohibited user. The list update module is configured to update the access prohibition list referred to by each of the access controllers connected with the network, according to the user information input through the input module.

Any information that can specify the access prohibited user may be utilized as the user information, and may include, for example, a user ID and a user name. Information specifying the user's terminal or computer is also available as the user information. The ACL may contain detailed information on the access right, such as “reading only” and “delete prohibited”, or simple information, such as “access permitted” and “access prohibited”.

The input module may receive the user information in various manners: receiving input of the information directly through the user's keyboard operations or the like; reading out the information from data files recording the access prohibited users; and receiving the access prohibition list itself. The list update module may update the access prohibition list by rewriting the user information registered in the list or by replacing the access prohibition list itself.

This invention notifies all access controllers connected with the network of the user information for the emergency access interception, thereby enabling the required emergency access interception under the widely distributed environment where a plurality of networks are connected to each other through a wide area network, such as the Internet. The access prohibition list, which does not record access permission to each file but contains only prohibited user information, is smaller than the ACL, which records the access right corresponding to each information resource and has a large data size. This smaller data size of the access prohibition list reduces the time and load required to update it.

In the first embodiment, the list update module may send out to another access controller a registration instruction to register the input user information on the access prohibition list of the other access controller. This application preferably reduces network traffic.

In the first embodiment, the list update module may send out an updated access prohibition list to another access controller. The other access controller can easily replace the old list with the updated list.

A second embodiment of the invention provides an access controller that controls an access to an information resource stored in a storage device, under an environment where a plurality of the access controllers and the storage devices are connected with a network. The access controller comprises an access restriction module, a receiving module, a list update module and an access interception module. The access restriction module is configured to restrict access to each information resource according to an access control list on which the access right to each information resource is recorded. The receiving module is configured to receive user information of an access prohibited user from another access controller. The list update module is configured to update an access prohibition list, which records user information of access prohibited users, according to the received user information. The access interception module is configured to restrict the access by reference to the access prohibition list prior to the access control list.

In the second embodiment, each of the access controllers can reflect the access prohibited user information added to the access prohibition list of any other access controller in its own access prohibition list without delay. Accordingly, the second embodiment effectively realizes the emergency access interception under the widely distributed environment.

In both the first and second embodiments, the access interception module may also intercept an access that has not been completed. This embodiment can intercept accesses that were started before the access prohibition list was updated, accesses after the update, and accesses waiting for processing, thereby enhancing security.

The access controller may further comprise an access control list update module configured to update the ACL according to the access prohibition list. This embodiment can automatically update the ACL to reduce the maintenance load for the ACL.

The list update module may delete the user information on the access prohibition list at a predetermined timing.

Keeping user information that has once been registered on the access prohibition list enlarges the data size of the access prohibition list and requires a longer time to check through it. Deleting the user information registered on the access prohibition list after updating the ACL as described above avoids the enlarged size of the access prohibition list and the delay of the access interception process. Deleting the access prohibition list itself is also possible.

The predetermined timing may be after the completion of updating the access control list. This allows each access controller connected with each network to individually delete the user information that has been reflected in the ACL. The access controller refers to the access prohibition list prior to the ACL, so that the load for checking the list can be reduced by deleting the user information from the access prohibition list.

The predetermined timing may be after all of the access control lists have been updated.

This embodiment ensures synchronization of the access prohibition lists and ACLs among all of the access controllers. This embodiment can be especially effective in the case where, for example, the updated access prohibition list is distributed and replaces the old lists as the updating process. This embodiment ensures that the updated access prohibition list is reflected in the ACL without omission due to some access controllers holding a list that has not yet been updated. Accordingly, access interception according to synchronized ACLs free from the above-mentioned omission can be realized.

This invention may also provide an access control system by combining the first and second embodiments. In the case where the access prohibition list of any one of the access controllers is updated according to user information, that access controller sends out the user information or the updated access prohibition list to one or more other access controllers in response to the update. The other access controller receives the user information or the updated access prohibition list to update its own access prohibition list.

Transmitting the user information can reduce network traffic, thereby enhancing processing efficiency. On the other hand, transmitting the access prohibition list can convey user information specifying a plurality of users to be subjected to the emergency access interception, and reduces the load for updating the access prohibition list in the receiving access controller, which simply replaces its list with the transmitted one.

The distribution module may broadcast the user information or the updated access prohibition list to all of the other access controllers. This gives simultaneous notice to all of the access controllers and ensures synchronization of the access prohibition lists.

The distribution module of each access controller may send out the user information or the updated prohibition list to a predetermined other access controller, thereby transmitting the user information or the updated prohibition list from one access controller to another. This can reduce the time required for each transmission by taking the number of hops on the network into account when selecting the destination access controller.

Various modifications of this invention are conceivable beyond the access controller and the access control system above, such as an access control method, a computer program to execute such access control, and a computer readable recording medium or a wave form in which the computer program is recorded or transmitted. The various features above are applicable to each of these modifications.

When the present invention is configured as a computer program, a recording medium with such a program recorded therein, or the like, such configuration may include an entire program for controlling or only a part that realizes the functions according to the present invention. A variety of computer-readable recording media may be used as the recording medium, including a flexible disk, CD-ROM, DVD-ROM, punched card, print with barcodes or other codes printed thereon, an internal storage device (memory such as ROM and RAM), and an external storage device of the computer.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic that shows a system configuration of the embodiment.

FIG. 2 is a schematic that shows functional blocks in the access controller of the embodiment.

FIGS. 3A and 3B are schematics that show an example of the access control list.

FIG. 4 is a schematic that shows an example of the black list.

FIG. 5 is a flowchart of the access control process.

FIG. 6 is a flowchart of the access control process in the access controller.

FIG. 7 is a flowchart of the black list distribution process.

FIG. 8 is a flowchart of the access interception process.

FIG. 9 is a flowchart of the ACL update process.

FIG. 10 is a flowchart of the process for deleting the black list.

FIG. 11 is a schematic that shows a modified system configuration.

DESCRIPTION OF THE PREFERRED EMBODIMENTS

The embodiments of this invention are described below.

A. Embodiment

A1. System Configuration

FIG. 1 is a schematic that shows a system configuration of the embodiment. An access control system 1000 is configured by connecting four networks A, B, C, D via the Internet INT. Connected with the network A via a local area network LAN1 are an access controller 100, a storage device 500, a client CL1 and the like. Similarly, connected with the networks B, C, D via local area networks LAN2, LAN3, LAN4 are access controllers 200, 300, 400, storage devices 600, 700, 800 and clients CL2, CL3, CL4, respectively.

The storage devices store data files 501, 601, 701, 801 and the like, respectively. The access control system 1000 is configured as a so-called widely distributed environment via the Internet INT. Each client can access not only the storage device connected with its own network, but also those connected with other networks, and can read data files stored in these storage devices. For example, the client CL1 can read not only the data file 501 in the storage device 500 but also the data file 701 in the storage device 700 on the network C.

Access right is required to access every data file in these storage devices. Each access controller judges whether or not the access right is proper in order to control the access. Concretely, in the case where the client CL1 sends out an access request for the data file 501, the access controller 100 authenticates whether or not the user of the client CL1 is permitted to access the data file 501 and controls the access according to the result of the authentication.

The access controller 100 manages two kinds of lists, an access control list 110 (hereinafter referred to as “ACL 110”) and an access prohibition list 120 (hereinafter referred to as “black list 120”). The ACL 110 contains the detailed access right of each user to each object, such as a data file. The black list 120 contains user information specifying users to be subjected to an emergency access interception. In response to an access request, the access controller 100 first checks whether or not the user information of the requesting user is recorded on the black list 120, and subsequently checks the ACL 110 only if the user information is not recorded in the black list 120.

In the case where an emergency access interception is required in the network A, for example when one of the users is dismissed, the access controller 100 updates its own black list 120 according to user information that is input through the administrator's operation, and also instructs the other access controllers 200, 300, 400 to register this user information in their black lists 220, 320, 420. The access controllers 200, 300, 400 receive this registration instruction and update the respective black lists 220, 320, 420. This sequence effectively realizes emergency access interception within all networks under the widely distributed environment.

A2. Functional Blocks

FIG. 2 is a schematic that shows functional blocks in the access controller of the embodiment. The access controller 100 includes a main controller 101, a communication controller 102, an ACL manager 103, a black list manager 104, an access manager 105, an input module 108 and a storage manager 109. The access manager 105 includes an access restriction module 106 and an access interception module 107. The communication controller 102 controls the following communications via the network: communication with other devices in its own local area network LAN1, and communication with other networks via the Internet INT.

The ACL manager 103 manages the ACL 110. The details of the ACL 110 are described below. The black list manager 104 manages the black list 120. The user information to be registered includes the user ID and user name, which are input by the administrator through the input module 108. The details of the black list 120 are described below. The ACL manager 103 also updates the ACL 110 by reflecting the user information of the black list 120 in the ACL 110. The access controller 100 deletes the user information that has been reflected in the ACL 110 from the black list 120, to ensure the processing efficiency of the access control.

The storage manager 109 manages the storage devices in its own local area network LAN1, such as the storage device 500. It manages the data in the storage devices and the users accessing each storage device by means of an access management table 109a illustrated in the figure.

The access management table 109a includes information such as: a unique access ID for each access, the name of the requested object, the status of the access, and the accessing user's information. In the illustrated example, the object “O-9” in access ID [1] is in “Accessing” status by the user “S-3”. Similarly, the object “O-7” in access ID [2] is in “Access Waiting” status by the user “S-8”.

The access manager 105 provides access control functions, including access restriction according to the ACL and emergency access interception. The access restriction module 106, included in the access manager 105, checks the ACL 110 to authenticate the user's access right in response to an authentication request, and returns the result to the storage device 500. The access interception module 107, also included in the access manager 105, checks the black list 120 to find the user information in the access management table 109a and, if found, intercepts every access by the corresponding user, regardless of the status of the access. In the illustrated example, finding the user “S-1” in the black list 120 causes the interception of all accesses under access IDs [3] and [6].

FIG. 3A is a schematic that shows an example of the ACL. The ACL 110 includes information such as: a unique ID for each access right, the object's name, the name of the user managing the object, the permitted group, and the permission of the access right. FIG. 3B shows the general concept of a group. A group “G-1” in the dotted box includes users “S-1”, “S-2”, “S-3”, “S-4”, and “S-5”. A group “G-2” in the chained box is a part of the group “G-1” and includes users “S-1”, “S-2”, and “S-5”. Accordingly, the users “S-1”, “S-2”, and “S-5” belong to both groups “G-1” and “G-2”.

The respective characters “R” and “W” in the “permission” column represent “Read” (readable) and “Write” (writable). Concretely, the object [O-1] in ID [1] is permitted “R, W”, which means the object is both readable and writable by the user “S-3”. Similarly, the object [O-1] in ID [2] is permitted “R”, which means the object is further readable by users in the group “G-1”.

FIG. 4 is a schematic that shows an example of the black list. The black list 120 includes user information, such as the user ID and user name. Alternatively, either the user ID or the user name may be omitted. In FIG. 4, the user information consisting of the user ID “S-1” and the user name “Taro Hitachi” is recorded in the black list 120 by the access controller 100 in response to an access interception request. The black list 120 can contain a plurality of users at one time, and a new user to be subjected to the emergency access interception can be added to the black list.

The other access controllers 200, 300, and 400 have a similar configuration, and their explanation is omitted.

A3. Access Control Process

FIG. 5 is a flowchart of the access control process, which enables the client CL1 to access the data file 501 in the storage device 500.

The client CL1 sends out an access request to the access controller 100 (step Sa100). The access controller 100 receives the request and authenticates the access right of the user by checking the black list 120 and the ACL 110 (step Sa101). The access controller 100 accesses the storage device 500 according to the authentication result (step Sa102) and returns the access result to the client CL1 (steps Sa103, Sa104).

FIG. 6 is a flowchart of the access control process in the access controller, which corresponds to step Sa101 in FIG. 5 and is executed by the access controller 100.

The access controller 100 receives the request for authentication of the access right to the storage device 500 from the client CL1, together with the user ID and the name of the requested object (step S10). Then the access controller 100 checks the black list 120 (step S11) to judge whether or not the accessing user is registered in the list 120 (step S12). If registered, the access controller 100 sends the storage device 500 an access prohibition notice (step S16) to intercept all accesses by the user.

If not registered, the access controller 100 then checks the ACL 110 to find the permission for the requested object (step S13). If permitted (step S14), the access controller 100 accesses the storage device 500 under the permission, such as readable and writable (step S15). If not permitted (step S14), even though the user is not on the black list 120, the access controller 100 sends out the access prohibition notice to the storage device 500 (step S16).

A4. Black List Distribution Process

FIG. 7 is a flowchart of the black list distribution process. On receiving input of the access interception request through the administrator's operation, the access controller 100 registers the user information of the user subjected to the access interception on its own black list 120 and broadcasts the user information and a registration instruction for the information to the access controllers 200, 300, 400. FIG. 7 exemplifies one case in which the access controller 100 transmits the instruction to the access controller 200.

According to the flowchart of FIG. 7, the access controller 100 receives the access interception request through the administrator's operation (step S20) and registers the user information including the user ID and user name in the black list 120 (step S21). The access controller 100 then transmits the registration instruction and the user information to the access controller 200, as well as to the access controllers 300 and 400, to instruct each access controller to register the user information in its own black list (step S22).

Subsequently, the access controller 100 executes the access interception process to intercept any access by the user listed on the black list, as described below (step S23). The access controller 100 updates the ACL according to the black list (step S24), as described below, and deletes the user information from the black list 120 after the update (step S25).

The access controller 200 receives the registration instruction transmitted from the access controller 100 at step S22 and updates the black list 220 by adding the user information, the user ID and user name, to the list 220 (step S31). The access controller 200 executes the access interception process according to the updated list 220 (step S32), updates the ACL (step S33), and deletes the user information from the black list 220 (step S34). The processes of steps S32-S34 are similar to those of steps S23-S25 in the access controller 100. The access interception process (step S23, step S32) and the ACL update process (step S24, step S33) are described below.

A5. Access Interception Process

FIG. 8 is a flowchart of the access interception process. This process corresponds to the processes of steps S23 and S32 in FIG. 7 and is executed by the access controllers 100 and 200.

The access controller 100 refers to the black list 120 and the access management table 109a (steps S40, S41) to determine the statuses of accesses by black-listed users, that is, to determine whether or not there is any black-listed user's access in the status of “accessing” or “access waiting” (step S42). In the case where such an access is found, the access controller 100 intercepts all accesses by the black-listed user regardless of the status, “accessing” or “access waiting” (step S43). On the other hand, in the case where no access by a black-listed user is found, the access controller 100 returns from this process.

A6. ACL Update Process

FIG. 9 is a flowchart of the ACL update process. This process corresponds to the processes of steps S24 and S33 in FIG. 7 and is executed by the access controllers 100 and 200. The user with user ID “S-1” and user name “Taro Hitachi” is assumed to be the subject of the access interception.

The access controller 100 refers to the black list 120 and the ACL 110 (step S50) to delete the user ID “S-1” from its group, thereby updating the group setting (step S51). The access controller 100 subsequently retrieves all records with user ID “S-1” from the ACL 110 and deletes them (step S52). Concretely, the record ID [5] is shown to be deleted in FIG. 7.

This process enables the ACL 110 relating to the user ID “S-1” to be updated while keeping the group setting.

The embodiment described above can respond to situations where the access right of some users must be prohibited without delay, and can transmit the user information of such users to all access controllers under the widely distributed environment. Each access controller can enhance security by consulting the black list prior to the ACL, since updating the ACL takes a longer time; the black list is thus suited to emergency access interception.
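The black-list-first authentication (FIG. 6), the registration broadcast (FIG. 7), the interception of in-flight accesses (FIG. 8) and the ACL update (FIG. 9) described above, modelled as an added Python example that is not part of the patent. Controller names, user and object IDs, and the ACL, group and access-table rows are constructed sample data; object “O-4”, ACL record [5] and the objects behind access IDs [3] and [6] are assumptions.

```python
# Added example (not the patent's code): a compact model of the access controller
# of A1-A6.  All IDs and ACL/group/access-table rows are constructed sample data.
from dataclasses import dataclass, field

ACCESSING, WAITING, INTERCEPTED = "Accessing", "Access Waiting", "Intercepted"


@dataclass
class AclRecord:
    rid: int           # unique ID of the access right (FIG. 3A "ID")
    obj: str           # object name, e.g. "O-1"
    subject: str       # permitted user ("S-3") or permitted group ("G-1")
    perms: frozenset   # subset of {"R", "W"}


@dataclass
class Access:          # one row of the access management table 109a (FIG. 2)
    access_id: int
    obj: str
    status: str
    user: str


@dataclass
class AccessController:
    name: str
    acl: list = field(default_factory=list)           # ACL 110
    groups: dict = field(default_factory=dict)        # group -> set of user IDs
    black_list: dict = field(default_factory=dict)    # BL 120: user ID -> name
    access_table: list = field(default_factory=list)  # table 109a
    peers: list = field(default_factory=list)         # controllers 200, 300, ...

    def authenticate(self, user: str, obj: str, perm: str) -> str:
        """FIG. 6: the black list is consulted before the ACL (S11-S16)."""
        if user in self.black_list:                   # S12 -> S16
            return "PROHIBITED"
        for rec in self.acl:                          # S13 -> S14
            if rec.obj != obj or perm not in rec.perms:
                continue
            if rec.subject == user or user in self.groups.get(rec.subject, ()):
                return "PERMITTED"                    # S15
        return "PROHIBITED"                           # S16

    def register(self, user_id: str, user_name: str, distribute: bool = True) -> dict:
        """FIG. 7: S21-S25 on the originator, S31-S34 when received from a peer."""
        self.black_list[user_id] = user_name                    # S21 / S31
        if distribute:                                          # S22: broadcast
            for peer in self.peers:
                peer.register(user_id, user_name, distribute=False)
        intercepted = self.intercept_accesses()                 # S23 / S32
        deleted = self.update_acl()                             # S24 / S33
        self.black_list.clear()      # S25 / S34: entries are now in the ACL
        return {"intercepted": intercepted, "deleted_records": deleted}

    def intercept_accesses(self) -> list:
        """FIG. 8: stop black-listed users' accesses whatever their status."""
        hit = []
        for acc in self.access_table:                 # S40-S42
            if acc.user in self.black_list and acc.status in (ACCESSING, WAITING):
                acc.status = INTERCEPTED              # S43
                hit.append(acc.access_id)
        return hit

    def update_acl(self) -> list:
        """FIG. 9: drop the user from every group (S51), then its records (S52)."""
        for members in self.groups.values():
            members.difference_update(self.black_list)
        deleted = [r.rid for r in self.acl if r.subject in self.black_list]
        self.acl = [r for r in self.acl if r.subject not in self.black_list]
        return deleted


def sample_lists() -> tuple:
    acl = [AclRecord(1, "O-1", "S-3", frozenset("RW")),   # FIG. 3A row [1]
           AclRecord(2, "O-1", "G-1", frozenset("R")),    # FIG. 3A row [2]
           AclRecord(5, "O-4", "S-1", frozenset("RW"))]   # constructed row [5]
    groups = {"G-1": {"S-1", "S-2", "S-3", "S-4", "S-5"}, "G-2": {"S-1", "S-2", "S-5"}}
    return acl, groups                                    # fresh copies per controller


def build_system() -> tuple:
    """Controllers 100 and 200 with synchronized lists; 100 holds the live accesses."""
    c100 = AccessController("100", *sample_lists(), access_table=[
        Access(1, "O-9", ACCESSING, "S-3"), Access(2, "O-7", WAITING, "S-8"),
        Access(3, "O-4", ACCESSING, "S-1"), Access(6, "O-1", WAITING, "S-1")])
    c200 = AccessController("200", *sample_lists())
    c100.peers.append(c200)
    return c100, c200


def demo() -> dict:
    """Dismiss user S-1 (FIG. 4) and report what each stage of FIG. 7 did."""
    c100, c200 = build_system()
    before = c100.authenticate("S-1", "O-1", "R")     # readable through G-1
    result = c100.register("S-1", "Taro Hitachi")
    after = [c.authenticate("S-1", "O-1", "R") for c in (c100, c200)]
    return {"before": before, "after": after, **result,
            "g1_members": sorted(c200.groups["G-1"]),
            "statuses": {a.access_id: a.status for a in c100.access_table}}
```

`demo()` shows the two phases the patent relies on: while S-1 sits on the black list every request is refused before the ACL is consulted, and once the ACL has been rewritten the black list entry can be dropped without reopening access.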

B. Modifications

This invention is not limited to the above embodiment; various modifications are possible within the spirit thereof.

B1. First Modification

Unlike the embodiment, in which the access controller 100 transmits the user information and the registration instruction to all other access controllers, the access controller 100 may transmit the updated black list in place of the information. This ensures effective updating of the black list in the other access controllers.

Unlike the embodiment, in which the access controller deletes the user information from the black list after updating the ACL, the access controller may delete the old black list in response to receipt of the updated black list. FIG. 10 is a flowchart of the process for deleting the black list. The updating of the ACL is assumed to be completed before the process.

According to the process of FIG. 10, the completion of updating the ACL (step Sa200) causes the access controller 200 to notify the access controller 100, the distributor of the black list, of the completion (step Sa201). Similarly, the access controllers 300 and 400 notify the completion (steps Sa202-Sa205).

After receiving the notification from all other access controllers, the access controller 100 deletes its own black list (step Sa207) and instructs the other access controllers to delete their black lists. In response to this instruction, the access controllers 200, 300, and 400 delete their own black lists (steps Sa208-Sa213).

This modification ensures the synchronization of the ACL in all access controllers. This modification ensures that all user information in the black list is reflected in the ACL, even when a plurality of access interception requests are submitted in a short period and cause frequent updates of the black list.

B2. Second Modification

Unlike the embodiment, in which the access controller 100 simultaneously transmits the updated black list to all other access controllers 200, 300 and 400, the access controller may transmit the list to one of the other access controllers as shown in FIG. 11. The receiving controller can then transmit the list to another. As illustrated with bold arrows in FIG. 11, the access controller 100 transmits the black list to the access controller 200, the controller 200 to the controller 300, and the controller 300 to the controller 400. The destination of the transmission can be selected in consideration of the number of hops on the networks, thus enhancing the efficiency of the transmission.

B3. Third Modification

The embodiment can be applied to a certificate authority that manages the certifications of proper users under the widely distributed environment. In this system, the certificate authority may execute access control with the black list prior to authenticating the certification, which enhances security.

CLAIMS

1. An access controller that controls an access to an information resource stored in a storage device, a plurality of the access controllers and the storage devices being connected with a network, the access controller comprising: an access restriction module configured to restrict access to each information resource according to an access control list on which access right to each information resource is recorded; an access interception module configured to intercept an access by an access prohibited user listed on an access prohibition list; an input module configured to input user information corresponding to the access prohibited user; and a list update module configured to update the access prohibition list corresponding to each access controller connected with the network, according to the user information input through the input module.

2. An access controller in accordance with claim 1, wherein the list update module sends out to another access controller a registration instruction to register the input user information on the access prohibition list of the other access controller.

3. An access controller in accordance with claim 1, wherein the list update module sends out an updated access prohibition list to another access controller.

4. An access controller in accordance with claim 1, wherein the access interception module also intercepts an access that has not been completed.

5. An access controller in accordance with claim 1, further comprising an access control list update module configured to update the access control list according to the access prohibition list.

6. An access controller in accordance with claim 5, wherein the list update module deletes the user information on the access prohibition list at a predetermined timing.

7. An access controller in accordance with claim 6, wherein the predetermined timing is after the update of the access control list has been completed.

8. An access controller in accordance with claim 6, wherein the predetermined timing is after the update of all access control lists has been completed.

9. An access controller that controls an access to an information resource stored in a storage device, a plurality of the access controllers and the storage devices being connected with a network, the access controller comprising: an access restriction module configured to restrict access to each information resource according to an access control list on which access right to each information resource is recorded; a receiving module configured to receive user information of an access prohibited user from another access controller; a list update module configured to update an access prohibition list, which records user information of access prohibited users, according to the received user information; and an access interception module configured to restrict the access by reference to the access prohibition list prior to the access control list.

10. An access controller in accordance with claim 9, wherein the access interception module also intercepts an uncompleted access.

11. An access controller in accordance with claim 9, further comprising an access control list update module configured to update the access control list according to the access prohibition list.

12. An access controller in accordance with claim 11, wherein the list update module deletes the user information on the access prohibition list at a predetermined timing.

13. An access controller in accordance with claim 12, wherein the predetermined timing is after the update of the access control list has been completed.

14. An access controller in accordance with claim 12, wherein the predetermined timing is after the update of all access control lists has been completed.

15. An access control system in which a plurality of storage devices for storing information resources and access controllers for controlling accesses to the information resources are connected with a network, each access controller comprising: an access restriction module configured to restrict access to each information resource according to an access control list that records access right to each information resource; an access interception module configured to restrict the access by reference to an access prohibition list, which records user information of access prohibited users, prior to the access control list; at least one of the access controllers, corresponding to the updated access prohibition list, further comprising a distribution module configured to send out the user information or the updated access prohibition list to another access controller in response to the update; and the other access controller further comprising a list update module configured to receive the user information or the updated access prohibition list and to update the access prohibition list of the other access controller.

16. An access control system in accordance with claim 15, wherein the distribution module broadcasts the user information or the updated access prohibition list to all of the other access controllers.
 17. An access control system in accordance with claim 15,wherein the distribution module of each access controller sends out theuser information or the updated prohibition list to predeterminedanother access controller, thereby transmitting the user information orthe updated prohibition list from one access controller to another. 18.An access control system in which a plurality of storage devices forstoring information resources and access controllers for controlling anaccess to the information resources are connected with a network, eachaccess controller comprising: an access restriction module configured torestrict access to each information resource according to an accesscontrol list on which access right to each information resource isrecorded; an access interception module configured to restrict theaccess by reference to an access prohibition list, which records userinformation of access prohibited users, prior to the access controllist; a distribution module configured to broadcast the user informationto other access controller in response to update of own accessprohibition list; a list update module configured to update own accessprohibition list in case of receiving the user information; an accesscontrol list update module configured to update the access control listaccording to the user information after updating the access prohibitionlist; and a user information deletion module configured to delete theuser information from the access prohibition list after updating theaccess control list.
 19. An access control method for controlling anaccess to an information resource stored in a storage device, the methodis executed by an access controller in a system where a plurality of theaccess controllers and the storage devices are connected with a network,the method comprising the steps of: restricting access to eachinformation resource according to an access control list on which accessright to each information resource is recorded; intercepting an accessby an access prohibited user listed on an access prohibition list;inputting user information corresponding to the access prohibited user;and updating the access prohibition list corresponding to each accesscontroller connected with the network, according to the input userinformation.
 20. An access control method for controlling an access toan information resource stored in a storage device, the method isexecuted by an access controller in a system where a plurality of theaccess controllers and the storage devices are connected with a network,the method comprising the steps of: restricting access to eachinformation resource according to an access control list on which accessright to each information resource is recorded; receiving userinformation of an access prohibited user from other access controller;updating an access prohibition list on which user information of accessprohibited users is recorded, according to the received userinformation; and restricting the access by reference to the accessprohibition list prior to the access control list.
 21. An access controlmethod for controlling an access to information resources in an accesscontrol system where a plurality of storage devices for storinginformation resources and access controllers are connected with anetwork, the method comprising the steps of: each access controllerrestricting access to each information resource according to an accesscontrol list on which access right to each information resource isrecorded; each access controller restricting the access by reference toan access prohibition list, which records user information of accessprohibited users, prior to the access control list; at least one of theaccess controllers corresponding to the updated access prohibition listsending out the user information or the updated access prohibition listto other access controller in response to the update; and the otheraccess controller receiving the user information or the updated accessprohibition list and updating the access prohibition list of the otheraccess controller.
 22. A computer readable recording medium in which acomputer program executed by an access controller to control an accessto an information resource stored in a storage device is stored, thecomputer program being executed in a system where a plurality of theaccess controllers and the storage devices are connected with a network,the computer program comprising: a first program code for restrictingaccess to each information resource according to an access control liston which access right to each information resource is recorded; a secondprogram code for intercepting an access by an access prohibited userlisted on an access prohibition list; a third program code for inputtinguser information corresponding to the access prohibited user; and afourth program code for updating the access prohibition listcorresponding to each access controller connected with the network,according to the input user information.
 23. A computer readablerecording medium in which a computer program executed by an accesscontroller to control an access to an information resource stored in astorage device is stored, the computer program being executed in asystem where a plurality of the access controllers and the storagedevices are connected with a network, the computer program comprising: afirst program code for restricting access to each information resourceaccording to an access control list on which access right to eachinformation resource is recorded; a second program code for receivinguser information of an access prohibited user from other accesscontroller; a third program code for updating an access prohibition liston which user information of access prohibited users is recorded,according to the received user information; and a fourth program codefor restricting the access according to the access prohibition listprior to the access control list.
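A toy model of the flow the claims describe (prohibition list consulted prior to the ACL, broadcast of the prohibited user to the other controllers, interception of accesses that have not completed, ACL update followed by deletion of the prohibition list entry), written here as an added example and not code from the patent; the class, its method names and the two-controller sample data are assumptions.

```python
class AccessController:
    def __init__(self, acl):
        self.acl = {r: set(u) for r, u in acl.items()}  # ACL: resource -> permitted users
        self.bl = set()        # access prohibition list (black list)
        self.peers = []        # other access controllers on the network
        self.sessions = set()  # (user, resource) accesses still in progress

    def check_access(self, user, resource):
        # Access interception module: the BL is consulted prior to the ACL.
        if user in self.bl:
            return False
        # Access restriction module: the ACL decides the access right.
        if user in self.acl.get(resource, set()):
            self.sessions.add((user, resource))
            return True
        return False

    def register_prohibited(self, user):
        # List update module: record the user on the BL, then intercept any
        # access by that user that has not completed (claims 4 and 10).
        self.bl.add(user)
        self.sessions = {s for s in self.sessions if s[0] != user}

    def prohibit(self, user):
        # Input of user information for the emergency interception; the
        # distribution module broadcasts it to every other controller (claim 16).
        self.register_prohibited(user)
        for peer in self.peers:
            peer.register_prohibited(user)

    def update_acl(self):
        # ACL update module: revoke the access right of every BL user (claim 5).
        for users in self.acl.values():
            users -= self.bl

def demo():
    # Constructed sample data: two controllers sharing one ACL, bob prohibited at A.
    acl = {"report.txt": {"alice", "bob"}}
    a, b = AccessController(acl), AccessController(acl)
    a.peers, b.peers = [b], [a]
    before = b.check_access("bob", "report.txt")   # ACL permits bob
    a.prohibit("bob")                               # emergency interception input at A
    during = b.check_access("bob", "report.txt")   # B's BL hit, its ACL never consulted
    cut = ("bob", "report.txt") not in b.sessions  # B's in-progress access was dropped
    for c in (a, b):
        c.update_acl()
    for c in (a, b):  # deletion module: drop BL entries only after all ACLs updated (claim 8)
        c.bl.clear()
    after = b.check_access("bob", "report.txt")    # now denied by the ACL itself
    return dict(before=before, during=during, cut=cut, after=after, bl_empty=not (a.bl or b.bl))
```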